Government Technology

Government Agencies Among Those Hacked in Massive January Botnet Attack


February 22, 2010 By

A massive cyber-attack has compromised the information of roughly 75,000 computer systems in at least 2,400 corporations and governments around the world, according to a U.S. security firm.

The Washington Post reported on Feb. 18, that NetWitness, based in Virginia, has found that the Kneber bot is responsible for an infiltration that began in 2008 but was discovered just this past month, almost two years after it was supposed to have begun. Targeted data includes e-mails, credit card transactions and log-in credentials. Kneber is being deemed a botnet, a computer program created by a Trojan designed to infiltrate computers and wreak havoc.

"Botnets themselves aren't new," said Michael Maloof, CTO of TriGeo Network Security. "Most of the spam on the Internet is driven by millions of compromised PCs, but I think what is relatively new is that the botnet herders seem to be targeting high-value corporations and certainly high-value government institutions."

Amit Yoran, CEO of NetWitness, told The Wall Street Journal that Eastern European criminals originated the attack by using computers in China. Neither the Journal nor the Post claims that it had anything to do with government powers in those countries.

"The technology itself is not a big deal, but the risk is," Maloof said. "And I think anyone who's not taking the risk seriously really needs to wake up and smell the coffee here. This falls into this category, really, [of] an advanced persistent threat. There are highly organized individuals out there who have access to sophisticated technology,"

Ten government agencies in the United States were victims in the attack, but the vast majority of those targeted were from the private-sector health and technology areas. Unfortunately neither the public- nor private-sector organizations were able to protect themselves from the breach, perhaps suggesting that the IT community as a whole needs to be more diligent in security.

Jeff Nigriny, president of CertiPath, suggested that IT security professionals need to be as competent in protecting computers systems as doctors and scientists are in protecting the biological world.

"I don't think you would ever see a report in the medical community about one system in the human body shutting down after another," he said. "We have doctors who are trained to find the route cause, whether it's cancer, radiation poisoning or a blood disorder, whatever."


| More


Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Cybersecurity in an "All-IP World" Are You Prepared?
In a recent survey conducted by Public CIO, over 125 respondents shared how they protect their environments from cyber threats and the challenges they see in an all-IP world. Read how your cybersecurity strategies and attitudes compare with your peers.
Maintain Your IT Budget with Consistent Compliance Practices
Between the demands of meeting federal IT compliance mandates, increasing cybersecurity threats, and ever-shrinking budgets, it’s not uncommon for routine maintenance tasks to slip among state and local government IT departments. If it’s been months, or even only days, since you have maintained your systems, your agency may not be prepared for a compliance audit—and that could have severe financial consequences. Regardless of your mission, consistent systems keep your data secure, your age
Best Practice Guide for Cloud and As-A-Service Procurements
While technology service options for government continue to evolve, procurement processes and policies have remained firmly rooted in practices that are no longer effective. This guide, built upon the collaborative work of state and local government and industry executives, outlines and explains the changes needed for more flexible and agile procurement processes.
View All

Featured Papers